2 matches found
CVE-2024-29200
Kimai is a web-based multi-user time-tracking application. The permission viewothertimesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the viewothertimesheet permission to true, on the frontend, users can only see timesheet...
Privilege Escalation
publifycore is vulnerable to privilege escalation. The vulnerability exists due to the front-end restrictions. A malicious user with a guest role can self-register, even if the admin does not allow it...